Zonera

Privacy Policy

Last updated March 07, 2026

This Privacy Notice for Zonera ('we', 'us', or 'our') describes how and why we collect, use, and share your personal information when you use our services ('Services'), including our website at zonera.io and the Zonera platform — a web-based tool for location analysis and demographic insights.

Questions? Contact us at [email protected].

As a small organisation that does not carry out large-scale processing of special categories of data, we are not required to appoint a Data Protection Officer (DPO) under GDPR Article 37. For any data protection enquiries, please contact us at the email address above.

1. What information do we collect?

Information you provide

When you register and use our Services, we collect:

  • Name and email address
  • Password (stored as a cryptographic hash)

We do not process sensitive information (racial origin, health data, etc.).

Payment data

All payment data is handled and stored by Stripe. We do not store your card details.

Information collected automatically

Our servers automatically collect log data when you use the Services: IP address, browser type, pages visited, timestamps, and error reports. This data is used to maintain security and improve the Services.

2. How do we use your information?

We use your personal information to:

  • Create and manage your account
  • Provide the Services you requested
  • Send administrative emails (password reset, account verification, service updates)
  • Protect against fraud and abuse
  • Understand how the Services are used so we can improve them

3. Legal bases for processing (GDPR)

Under the GDPR, we rely on these legal bases:

  • Contract — to provide the Services you signed up for
  • Legitimate interests — to improve the Services and prevent fraud
  • Consent — where applicable (e.g. marketing emails). You can withdraw consent at any time by contacting us
  • Legal obligation — to comply with applicable laws

4. Who do we share your information with?

We share data only with service providers that help us operate:

  • Resend (United States) — email delivery
  • Stripe (Ireland, EU) — payment processing
  • DigitalOcean (United States) — hosting and infrastructure

These providers are based in the United States and process data on our behalf under data processing agreements. Data transfers to these providers are protected by Standard Contractual Clauses (SCCs) approved by the European Commission. We do not sell your personal information.

We may also share information in the event of a merger, acquisition, or sale of assets.

5. How long do we keep your information?

We keep your personal information for as long as you have an account with us. When you delete your account, we delete your data from our active databases. Backup copies are automatically purged within 30 days. Some data may be retained longer where required by law (e.g. billing records).

6. How do we keep your information safe?

We use industry-standard security measures including encrypted connections (HTTPS), hashed passwords, and secure hosting. However, no system is 100% secure, and we cannot guarantee absolute security.

7. Cookies

Our Services currently do not use cookies. If this changes in the future, we will update this Privacy Notice and, where required, request your consent.

8. Automated decision-making

We do not use automated decision-making or profiling that produces legal effects or similarly significant effects on you, as defined under GDPR Article 22.

9. Age requirement

Our Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from anyone under 18. If you believe we have inadvertently collected such data, please contact us so we can delete it.

10. Your privacy rights

If you are in the EEA, UK, or Switzerland, you have the right to:

  • Access and receive a copy of your personal data
  • Correct or delete your personal data
  • Restrict or object to processing
  • Data portability
  • Withdraw consent at any time

To exercise these rights, contact us at [email protected] or update your information in your account settings.

You also have the right to lodge a complaint with your local data protection authority. For users in Spain, this is the Agencia Española de Protección de Datos (AEPD). For users in the Netherlands, this is the Autoriteit Persoonsgegevens.

To unsubscribe from marketing emails, click the unsubscribe link in the email or contact us. We will still send you service-related messages.

11. Governing law

This Privacy Notice is governed by the laws of Spain.

12. Changes to this notice

We may update this Privacy Notice from time to time. The updated version will be indicated by the 'Last updated' date at the top of this page.

13. Contact

If you have questions about this Privacy Notice, email us at [email protected].